From e8b01064f6f80c3b24f4e70a3b333ac50df54753 Mon Sep 17 00:00:00 2001
From: Daniel Strebel <strebel@google.com>
Date: Thu, 5 Aug 2021 13:21:57 +0200
Subject: [PATCH] Apigee add paid only variables and examples

---
 modules/apigee-organization/README.md    | 55 +++++++++++++++++++-----
 modules/apigee-organization/main.tf      | 13 +++---
 modules/apigee-organization/variables.tf |  6 +++
 modules/apigee-x-instance/README.md      | 25 +++++++++--
 modules/apigee-x-instance/main.tf        | 10 ++---
 modules/apigee-x-instance/outputs.tf     | 16 +++++--
 modules/apigee-x-instance/variables.tf   |  6 +++
 7 files changed, 103 insertions(+), 28 deletions(-)

diff --git a/modules/apigee-organization/README.md b/modules/apigee-organization/README.md
index becd82af..b4b35d45 100644
--- a/modules/apigee-organization/README.md
+++ b/modules/apigee-organization/README.md
@@ -2,22 +2,17 @@
 
 This module allows managing a single Apigee organization and its environments and environmentgroups.
 
-## TODO
-
-- [ ] N/A
-
 ## Examples
 
 ### Apigee X Evaluation Organization
 
 ```hcl
-module "apigee" {
-  source     = "./modules/apigee"
+module "apigee-organization" {
+  source     = "./modules/apigee-organization"
   project_id = "my-project"
   analytics_region = "us-central1"
   runtime_type = "CLOUD"
   authorized_network = "my-vpc"
-  peering_range = "10.0.0.0/16"
   apigee_environments = [
     "eval1",
     "eval2"
@@ -37,11 +32,51 @@ module "apigee" {
 # tftest:modules=1:resources=6
 ```
 
-### Apigee hybrid Evaluation Organization
+### Apigee X Paid Organization
 
 ```hcl
-module "apigee" {
-  source     = "./modules/apigee"
+module "apigee-organization" {
+  source     = "./modules/apigee-organization"
+  project_id = "my-project"
+  analytics_region = "us-central1"
+  runtime_type = "CLOUD"
+  authorized_network = "my-vpc"
+  database_encryption_key = "my-data-key"
+  apigee_environments = [
+    "dev1",
+    "dev2",
+    "test1",
+    "test2"
+  ]
+  apigee_envgroups = {
+    dev = {
+      environments = [
+        "dev1",
+        "dev2"
+      ]
+      hostnames    = [
+        "dev.api.example.com"
+      ]
+    }
+    test = {
+      environments = [
+        "test1",
+        "test2"
+      ]
+      hostnames    = [
+        "test.api.example.com"
+      ]
+    }
+  }
+}
+# tftest:modules=1:resources=11
+```
+
+### Apigee hybrid Organization
+
+```hcl
+module "apigee-organization" {
+  source     = "./modules/apigee-organization"
   project_id = "my-project"
   analytics_region = "us-central1"
   runtime_type = "HYBRID"
diff --git a/modules/apigee-organization/main.tf b/modules/apigee-organization/main.tf
index 66eaae52..b1c13481 100644
--- a/modules/apigee-organization/main.tf
+++ b/modules/apigee-organization/main.tf
@@ -26,12 +26,13 @@ locals {
 }
 
 resource "google_apigee_organization" "apigee_org" {
-  project_id         = var.project_id
-  analytics_region   = var.analytics_region
-  display_name       = var.display_name
-  description        = var.description
-  runtime_type       = var.runtime_type
-  authorized_network = var.authorized_network
+  project_id                           = var.project_id
+  analytics_region                     = var.analytics_region
+  display_name                         = var.display_name
+  description                          = var.description
+  runtime_type                         = var.runtime_type
+  authorized_network                   = var.authorized_network
+  runtime_database_encryption_key_name = var.database_encryption_key
 }
 
 resource "google_apigee_environment" "apigee_env" {
diff --git a/modules/apigee-organization/variables.tf b/modules/apigee-organization/variables.tf
index 1bec6f1f..5e792be5 100644
--- a/modules/apigee-organization/variables.tf
+++ b/modules/apigee-organization/variables.tf
@@ -40,6 +40,12 @@ variable "apigee_environments" {
   default = []
 }
 
+variable "database_encryption_key" {
+  description = "Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances (immutable, used in Apigee X only)."
+  type = string
+  default = null
+}
+
 variable "description" {
   description = "Description of the Apigee Organization."
   type = string
diff --git a/modules/apigee-x-instance/README.md b/modules/apigee-x-instance/README.md
index caa8577a..e407a5f6 100644
--- a/modules/apigee-x-instance/README.md
+++ b/modules/apigee-x-instance/README.md
@@ -2,10 +2,6 @@
 
 This module allows managing a single Apigee X instance and its environment attachments.
 
-## TODO
-
-- [ ] N/A
-
 ## Examples
 
 ### Apigee X Evaluation Instance
@@ -26,5 +22,26 @@ module "apigee-x-instance" {
 # tftest:modules=1:resources=3
 ```
 
+### Apigee X Paid Instance
+
+```hcl
+module "apigee-x-instance" {
+  source              = "./modules/apigee-x-instance"
+  name                = "my-us-instance"
+  region              = "us-central1"
+  cidr_mask           = 16
+  disk_encryption_key = "my-disk-key"
+
+  apigee_org_id       = "my-project"
+  apigee_environments = [
+    "dev1",
+    "dev2",
+    "test1",
+    "test2"
+  ]
+}
+# tftest:modules=1:resources=5
+```
+
 <!-- BEGIN TFDOC -->
 <!-- END TFDOC -->
diff --git a/modules/apigee-x-instance/main.tf b/modules/apigee-x-instance/main.tf
index 82497b6f..9c300828 100644
--- a/modules/apigee-x-instance/main.tf
+++ b/modules/apigee-x-instance/main.tf
@@ -15,11 +15,11 @@
  */
 
 resource "google_apigee_instance" "apigee_instance" {
-  org_id             = var.apigee_org_id
-  name               = var.name
-  location           = var.region
-  peering_cidr_range = "SLASH_${var.cidr_mask}"
-  #disk_encryption_key_name = google_kms_crypto_key.apigee_key.id
+  org_id                   = var.apigee_org_id
+  name                     = var.name
+  location                 = var.region
+  peering_cidr_range       = "SLASH_${var.cidr_mask}"
+  disk_encryption_key_name = var.disk_encryption_key
 }
 
 resource "google_apigee_instance_attachment" "apigee_instance_attchment" {
diff --git a/modules/apigee-x-instance/outputs.tf b/modules/apigee-x-instance/outputs.tf
index 3d754d24..0f2d5d6b 100644
--- a/modules/apigee-x-instance/outputs.tf
+++ b/modules/apigee-x-instance/outputs.tf
@@ -14,12 +14,22 @@
  * See the License for the specific language governing permissions and
  */
 
+output "endpoint" {
+  description = "Internal endpoint of the Apigee instance."
+  value       = google_apigee_instance.apigee_instance.host
+}
+
+output "id" {
+  description = "Apigee instance ID."
+  value       = google_apigee_instance.apigee_instance.id
+}
+
 output "instance" {
   description = "Apigee instance."
   value       = google_apigee_instance.apigee_instance
 }
 
-output "endpoint" {
-  description = "Internal endpoint of the Apigee instance."
-  value       = google_apigee_instance.apigee_instance.host
+output "port" {
+  description = "Port number of the internal endpoint of the Apigee instance."
+  value       = google_apigee_instance.apigee_instance.port
 }
diff --git a/modules/apigee-x-instance/variables.tf b/modules/apigee-x-instance/variables.tf
index 88047176..37d8a3f5 100644
--- a/modules/apigee-x-instance/variables.tf
+++ b/modules/apigee-x-instance/variables.tf
@@ -43,6 +43,12 @@ variable "cidr_mask" {
   }
 }
 
+variable "disk_encryption_key" {
+  description = "Customer Managed Encryption Key (CMEK) used for disk and volume encryption (required for PAID Apigee Orgs only)."
+  type        = string
+  default     = null
+}
+
 variable "name" {
   description = "Apigee instance name."
   type        = string